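<?php
    /*
     * Manager-only POST endpoint. The only request type handled is
     * "stock_price", which sets stocks.SharePrice for one StockSymbol.
     *
     * Every response that has a body is a JSON object: "Success" is 1 or 0,
     * and "Msg" is set when the request failed. Unauthenticated, unauthorized
     * or type-less requests get an empty body.
     *
     * NOTE(review): this is a state-changing request and no anti-CSRF token
     * check is visible in this file. Confirm whether session.php enforces one.
     * NOTE(review): nothing here records which manager changed which price.
     */
    $DEBUG = false; // not read in this file; included files may read it (TODO confirm)
    // Loaded before session_start(), presumably so that the User object kept in
    // the session can be restored as an instance of its class.
    include_once "classes/User.php";
    session_start();
    include_once "session.php";
    if (!isLoggedIn()) {
        exit();
    }

    // Authorization gate. The comparison is strict on purpose: with a loose
    // `!=`, a non-string UserType (for example integer 0 on PHP < 8) compares
    // equal to "Manager" and would pass this check.
    if (!isset($_SESSION['User']) || !is_object($_SESSION['User'])
        || $_SESSION['User']->UserType !== "Manager") { //Invalid privileges!
        exit();
    }

    if (!isset($_POST["type"])) {
        exit();
    }

    $arr = array();
    $arr["Success"] = 0;
    include_once "db/db_cse305.php";
    $type = $_POST["type"];

    if ($type !== "stock_price") {
        $arr["Msg"] = "Invalid type.";
        echo json_encode($arr);
        exit();
    }

    // Expected POST fields:
    //   stock: stock symbol
    //   value: new price
    // Both must be plain strings. PHP turns `stock[]=x` into an array, which
    // must not reach the escaping or numeric code below.
    if (!isset($_POST["stock"]) || !is_string($_POST["stock"]) || $_POST["stock"] === "") {
        $arr["Msg"] = "Invalid stock.";
        echo json_encode($arr);
        exit();
    }
    $stock = $_POST["stock"];
    $val = isset($_POST["value"]) ? $_POST["value"] : null;

    if (!is_string($val) || !is_numeric($val)) {
        $arr["Msg"] = "Invalid price.";
        echo json_encode($arr);
        exit();
    }

    // The price is written as an integer number of hundredths. round() is used
    // rather than floor() because a binary float product such as 19.99 * 100
    // is 1998.9999999999998, which floor() would turn into 1998.
    $price = (float) $val;
    $cents = round($price * 100);

    // is_numeric() also accepts negative numbers and exponent forms that
    // overflow to INF; neither is a usable price, and a value beyond the
    // integer range would not survive the %d conversion intact.
    if (!is_finite($price) || $price < 0 || $cents >= PHP_INT_MAX) {
        $arr["Msg"] = "Invalid price.";
        echo json_encode($arr);
        exit();
    }

    // The legacy mysql_* API has no prepared statements, so the symbol is
    // escaped and single-quoted, and the price is forced to an integer.
    // NOTE(review): mysql_real_escape_string() depends on the connection
    // character set configured in db/db_cse305.php; moving that connection to
    // mysqli or PDO would allow a parameterized query here.
    $query = sprintf(
        "UPDATE stocks SET SharePrice = %d WHERE StockSymbol = '%s'",
        (int) $cents,
        mysql_real_escape_string($stock)
    );
    $result = mysql_query($query);
    if ($result === false) {
        // Keep the database error text in the server log; sending it to the
        // client would disclose schema and query details.
        error_log("stock_price update failed: " . mysql_error());
        $arr["Msg"] = "Something went wrong... try again later.";
        echo json_encode($arr);
        exit();
    }

    if (mysql_affected_rows() > 0) {
        $arr["Success"] = 1;
        echo json_encode($arr);
        exit();
    }

    // Zero affected rows: either the symbol does not exist or the stored price
    // already equals the new one.
    $arr["Msg"] = "Something went wrong (or price is the same)... try again later.";
    echo json_encode($arr);
    exit();
?>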
